
600 GB of source code and documents linked to the Great Firewall of China leak online

Researchers from the Great Firewall Report team say that the largest data leak in the entire history of the “Golden Shield,” also known as the “Great Firewall of China,” has occurred.

About 600 GB of internal documents, source code, operational logs, and developers’ internal correspondence, as well as package repositories and operational manuals used to build and maintain China’s national traffic filtering system, have leaked online.

It is believed that these files are linked to the MESA Laboratory at the Institute of Information Engineering (a research unit of the Chinese Academy of Sciences), as well as to the company Geedge Networks, which, in turn, has long been associated with Fang Binxing — one of the chief developers of the “Golden Shield”.

According to the researchers, the leak contains complete build systems for DPI platforms, as well as code modules responsible for detecting and throttling certain censorship-circumvention tools. Most of this stack is aimed at detecting VPNs using DPI methods, SSL fingerprinting, and full session logging.

Experts from the Great Firewall Report are already analyzing the massive archive and claim that the leaked documents also describe the internal architecture of a commercial platform called Tiangou, intended for use by ISPs and border gateways.

Tiangou is a turnkey solution that researchers describe as an “off-the-shelf version of the Great Firewall of China.” Its initial deployments were built on HP and Dell servers, and then, in response to sanctions, it shifted to Chinese-made equipment.

Additionally, the publicly released documents state that this system was deployed across 26 data centers in Myanmar, and real-time monitoring dashboards tracked 81 million concurrent TCP connections. The system was reportedly operated by Myanmar’s state-owned telecommunications company and was integrated into the main internet exchange points, enabling mass blocking and selective filtering.

As reported by analysts at Wired and Amnesty International, it didn’t stop with Myanmar. Geedge Networks’ DPI infrastructure was also exported to other countries (including Pakistan, Ethiopia, Kazakhstan, and others), where it is used alongside other lawful interception platforms.

In Pakistan, Geedge Networks equipment is allegedly part of a larger system known as WMS 2.0, which is capable of conducting total surveillance of mobile networks in real time.

Moreover, Wired’s investigation reports that, according to the leaked documents, Geedge Networks’ systems are capable of intercepting unencrypted HTTP sessions.

Researchers have only just begun to sift through the massive leak, and most of the materials have yet to be examined. However, analysts believe that build logs and developer notes for the Great Firewall of China could help identify protocol vulnerabilities or operational shortcomings that creators of censorship-circumvention tools may later exploit.

The leak is already being mirrored by Enlace Hacktivista and other enthusiasts. Meanwhile, researchers urge anyone who downloads and examines this archive to exercise caution. It is strongly recommended to use only network-isolated virtual machines or other secure environments.
